Main Vulnerability Database SB2021092109

SB2021092109 - Multiple vulnerabilities in Dell BIOS

Published: September 21, 2021

Security Bulletin ID SB2021092109

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2021-36284)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the authentication mechanism has no brute-force prevention. A local administrator can bypass excessive admin password attempt mitigations and perform a brute-force attack.

2) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2021-36285)

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the authentication mechanism has no brute-force prevention. A local administrator can bypass excessive NVMe password attempt mitigations and perform a brute-force attack.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/fr-fr/printview/000191495/10/en

Vulnerable Software

ChengMing 3990: All versions
ChengMing 3991: All versions
Dell G3 15 (3500): All versions
Dell G3 15 (3590): All versions
Dell G5 15 (5500): All versions
Inspiron 3493: All versions
Inspiron 3501: All versions
Inspiron 3593: All versions
Inspiron 3793: All versions
Inspiron 3880: All versions
Inspiron 3881: All versions
Inspiron 5400 2 in1: All versions
Inspiron 5490: All versions
Inspiron 5493: All versions
Inspiron 5498: All versions
Inspiron 5590: All versions
Inspiron 5593: All versions
Inspiron 5598: All versions
Inspiron 7391 2 in 1: All versions
Inspiron 7500: All versions
Inspiron 7500 2 in1 Silver: All versions
Inspiron 7501: All versions
Inspiron 7590: All versions
Inspiron 7591: All versions
Latitude 3310: All versions
Latitude 3310 2-in-1: All versions
Latitude 5285 2-in-1: All versions
Latitude 5289 2-in-1: All versions
Latitude 5290 2-in-1: All versions
Latitude 5300: All versions
Latitude 5300 2-IN-1: All versions
Latitude 5310: All versions
Latitude 5310 2-IN-1: All versions
Latitude 5320: All versions
Latitude 5400: All versions
Latitude 5401: All versions
Latitude 5410: All versions
Latitude 5411: All versions
Latitude 5420: All versions
Latitude 5500: All versions
Latitude 5501: All versions
Latitude 5510: All versions
Latitude 5520: All versions
Latitude 5511: All versions
Latitude 7200 2 in 1: All versions
Latitude 7210 2 in 1: All versions
Latitude 7212 Rugged Extreme Tablet: All versions
Latitude 7220 / 7220EX Rugged Extreme Tablet: All versions
Latitude 7280: All versions
Latitude 7285: All versions
Latitude 7290: All versions
Latitude 7300: All versions
Latitude 7310: All versions
Latitude 7320: All versions
Latitude 7370: All versions
Latitude 7380: All versions
Latitude 7389: All versions
Latitude 7390: All versions
Latitude 7390 2-in-1: All versions
Latitude 7400: All versions
Latitude 7400 2-in-1: All versions
Latitude 7410: All versions
Latitude 7420: All versions
Latitude 7480: All versions
Latitude 7490: All versions
Latitude 7520: All versions
Latitude 9410: All versions
Latitude 9510: All versions
Latitude 9520: All versions
OptiPlex 3080: All versions
OptiPlex 3090 Ultra: All versions
OptiPlex 3280 AIO: All versions
OptiPlex 5080: All versions
OptiPlex 5480 AIO: All versions
OptiPlex 7080: All versions
Optiplex 7090 Ultra: All versions
OptiPlex 7480 AIO: All versions
OptiPlex 7780 AIO: All versions
Precision 3440: All versions
Precision 3540: All versions
Precision 3541: All versions
Precision 3550: All versions
Precision 3551: All versions
Precision 3560: All versions
Precision 3640 Tower: All versions
Precision 5510: All versions
Precision 5520: All versions
Precision 5530 2-in-1: All versions
Precision 5540: All versions
Precision 5550: All versions
Precision 5750: All versions
Precision 7550: All versions
Precision 7540: All versions
Precision 7740: All versions
Precision 7750: All versions
Vostro 3401: All versions
Vostro 3491: All versions
Vostro 3501: All versions
Vostro 3591: All versions
Vostro 3681: All versions
Vostro 3881: All versions
Vostro 3888: All versions
Vostro 5490: All versions
Vostro 5590: All versions
Vostro 7500: All versions
Vostro 7590: All versions
Wyse 5470: All versions
XPS 13 (9360): All versions
XPS 13 (9370): All versions
XPS 13 (9380): All versions
XPS 13 9300: All versions
XPS 15 9575 2-in-1: All versions
XPS 17 9700: All versions
XPS 7380: All versions
XPS 7390 2-in-1: All versions
XPS 7590: All versions
XPS 9500: All versions
Dell BIOS: before 1.2.0

SB2021092109 - Multiple vulnerabilities in Dell BIOS

Breakdown by Severity

Description

Remediation

References

Please verify you're human